summaryrefslogtreecommitdiff
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* doc: Clarify p11-kit server documentationDaiki Ueno2017-05-261-3/+5
|
* rpc: New p11_kit_remote_serve_tokens functionDaiki Ueno2017-05-251-0/+1
|
* uri: Support vendor query attributesDaiki Ueno2017-02-211-0/+2
| | | | | | | | If an unknown attribute is present in the query part of the PKCS#11 URI, the parser treated it as unrecognized and subsequent matches failed. Instead, keep track of such attributes and provide a set of API to deal with them.
* rpc: Add PKCS#11 module that connects to socketDaiki Ueno2017-02-172-0/+18
| | | | | | | | | | | | | | | This patch adds a PKCS#11 module that connects to the p11-kit server exposed on the filesystem. The filename of the socket is determined in the following order: - $P11_KIT_SERVER_ADDRESS, if the envvar is available - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists - ~/.cache/p11-kit/pkcs11. Note that the program loading this module may have called setuid() and secure_getenv() which we use for fetching envvars could return NULL.
* remote: Add API to serve a tokenDaiki Ueno2017-02-171-0/+1
|
* filter: New virtual wrapper for access controlDaiki Ueno2017-02-081-0/+1
|
* iter: Enable iteration over slots/tokens/modulesDaiki Ueno2017-02-081-0/+2
| | | | | | | | | While PKCS#11 URI can identify slots/tokens/modules, P11KitIter is only capable of iterating over objects. This patch adds new behaviors to P11KitIter to support iterations over slots/tokens/modules, using the C coroutine trick as described in: http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
* trust: Implement a 'trust dump' commandStef Walter2017-01-311-0/+39
| | | | | | | | | | | This dumps all the PKCS#11 objects in the internal .p11-kit persistence format. This is part of the trust command and tooling, even though at some point it could go in the p11-kit command. The reason for this is that the code related to the internal .p11-kit objects is in the trust code, and consumed solely by the trust related modules.
* build: Make libffi closure optionalDaiki Ueno2017-01-241-0/+1
| | | | | | | | libffi's closure support is not available on all platforms and may fail at run time if running under a stricter SELinux policy. Fallback to pre-compiled closures if it is not usable. https://bugs.freedesktop.org/show_bug.cgi?id=97611
* uri: Support query attributes to specify moduleDaiki Ueno2017-01-191-0/+4
| | | | | Accept and produce 'module-name' and 'module-path' query attributes defined in RFC 7512.
* doc: More tweaks for gtk-docDaiki Ueno2016-12-191-0/+7
|
* doc: Mention new API functionsDaiki Ueno2016-12-191-0/+6
|
* doc: State 'p11-kit trust' is a deprecated formDaiki Ueno2016-12-061-2/+4
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1160783
* doc: Update documentation to point towards GitHubStef Walter2016-11-291-1/+1
| | | | | The p11-kit code has moved to GitHub. The documentation needs an update.
* Fix typo in pkcs11.confStef Walter2016-08-091-1/+1
| | | | Pointed out by David Woodhouse
* doc: Fix interpolation of p11-kit configuration paths in documentationStef Walter2016-08-091-6/+4
| | | | | Previously these were expanded based on the home directory of the one building the documentation (me).
* manual: Fix typos in documentationLudovic Rousseau2015-10-192-6/+6
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=92520
* trust: Add pem-directory-hash extract formatAdam Williamson2015-01-141-1/+5
| | | | | | | | | | | | This allows extraction of a directory of standard PEM files with the OpenSSL hash symlinks; this is a format used by some popular platforms (Debian's /etc/ssl/certs is in this form, and OpenSUSE provides it for compatibility). Initially by: Ludwig Nussel <ludwig.nussel@suse.de> Signed-off-by: Stef Walter <stefw@redhat.com> * Added header, fixed compiler warnings
* trust: Allow 'BEGIN PUBLIC KEY' PEM blocks in .p11-kit filesStef Walter2014-10-091-4/+9
| | | | | | | These PEM blocks contribute a CKA_PUBLIC_KEY_INFO to the object being read/written. https://bugs.freedesktop.org/show_bug.cgi?id=83799
* p11-kit: Remove the 'isolated' option for nowStef Walter2014-10-012-11/+5
| | | | | | This option was not completed in time, and as implemented suffers from limitations that the module is not really completely isolated as it still runs under the same user id as the calling process.
* common: New public pkcs11x.h header containing extensionsStef Walter2014-09-101-0/+1
| | | | | | | Move our internal stuff to pkcs11i.h, and install the pkcs11x.h header containing extensions. https://bugs.freedesktop.org/show_bug.cgi?id=83495
* Move to non-recursive Makefile for building bins and libsStef Walter2014-08-151-4/+4
| | | | Still use recursive for documentation and translation.
* doc: Fix missing tag in p11-kit-sharing.xmlStef Walter2014-08-111-0/+1
|
* p11-kit: Add a new 'isolate' pkcs11 config optionStef Walter2014-07-082-0/+12
| | | | | | | This sets 'remote' appropriately to run the module in a separate process. https://bugs.freedesktop.org/show_bug.cgi?id=80472
* p11-kit: Cleanup and add documentation for 'remote' optionStef Walter2014-07-082-0/+28
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=54105
* p11-kit: Add 'p11-kit remote' command for isolating modulesStef Walter2014-07-081-0/+1
| | | | | This adds a new tool to the p11-kit command called 'remote'. This is the server side of remoting a PKCS#11 module.
* rpc: Implement PKCS#11 messages/client/server codeStef Walter2014-07-081-0/+2
| | | | | | | | | | | | * This enables passing around bytes which represent PKCS#11 RPC calls. * Caller is responsible for connecting/disconnecting and so on. * Client side caller gets a mixin from p11_rpc_client_init() to call into, which generates callbacks with byte arrays to be transported. * Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR on which relevant methods get called. * Doesn't yet implement the actual daemon or clients etc... https://bugs.freedesktop.org/show_bug.cgi?id=54105
* p11-kit: Mark p11_kit_be_quiet() and p11_kit_be_loud() stableStef Walter2014-07-041-2/+2
| | | | | These are useful functions for callers who want to supress all output from p11-kit library.
* Build in srcdir != builddir fashion by defaultStef Walter2014-01-141-1/+2
| | | | Naturally this doesn't apply to tarballs
* Move gtk-doc.make into build directoryStef Walter2014-01-141-1/+1
|
* Fix documentation buildStef Walter2013-09-231-11/+13
|
* Documentation tweaksStef Walter2013-09-042-1/+3
|
* Release version 0.19.4Stef Walter2013-08-291-0/+3
|
* trust: Document the new command line trust toolStef Walter2013-08-295-139/+384
|
* iter: Add a p11_kit_iter_destroy_object() functionStef Walter2013-08-281-0/+1
| | | | Handy function since this is a common need.
* iter: Add p11_kit_iter_set_uri() functionStef Walter2013-08-281-1/+2
| | | | This is so we can set a filtering uri on the iterator after construction
* iter: Add p11_kit_iter_get_token() callStef Walter2013-08-281-0/+1
| | | | | To get the already loaded CK_TOKEN_INFO during iteration for the token that the current object is on.
* iter: Add new P11_KIT_ITER_WANT_WRITABLE iterator behaviorStef Walter2013-08-281-1/+0
| | | | | This allows us to try to get a RW session, but if not fallback to a read-only session.
* doc: Add identifiers to doc sections so gtk-doc doesn't autogen themStef Walter2013-07-183-10/+10
|
* Fix extract example in documentationStef Walter2013-07-181-1/+1
|
* Support expanding $XDG_CONFIG_HOME in user config pathsStef Walter2013-07-186-18/+52
| | | | | | | | | | If ~/.config is specified as a prefix to a configured path, then it is expanded to the $XDG_CONFIG_HOME if that exists Add --with-user-config ./configure option to configure a different user config directory. Interpolate the right directories into documentation.
* Don't load configs from user directory when setuidStef Walter2013-07-182-0/+6
| | | | | | | When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014
* Various documentation tweaks and fixes for warningsStef Walter2013-07-102-1/+5
|
* Add support for using freebl3 for SHA1 and MD5 hashingStef Walter2013-07-101-0/+11
| | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* Reorganize various componentsStef Walter2013-06-251-1/+0
| | | | | | | * p11-kit library and tool in the p11-kit/ subdirectory * trust module and new trust tool in trust/ subdirectory * No more tools/ subdirectory * Lots less in the common/ subdirectory
* Mark p11_kit_message() as a stable functionStef Walter2013-05-211-1/+1
|
* Add the log-calls module config optionStef Walter2013-05-213-0/+25
| | | | | If 'log-calls = yes' is set then all the PKCS#11 modules are logged to stderr.
* Manage C_CloseAllSessions function for multiple callersStef Walter2013-05-211-0/+6
| | | | | | Make C_CloseAllSessions work for different callers. Track the sessions that each caller opens and close just those when C_CloseAllSessiosn is called.
* Update the proxy module to use managed PKCS#11 modulesStef Walter2013-05-211-0/+1
| | | | | | | | | | Each time C_GetFunctionList is called on the proxy module, a new managed PKCS#11 set of functions is returned. These are all cleaned up when the module is unloaded. We want the proxy module to continue to work even without the highly recommended libffi. For that reason we still keep the old behavior of sharing state in the proxy module.
* p11-kit: Managed PKCS#11 module loadingStef Walter2013-05-216-56/+134
| | | | | | | | | Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior. This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such.